Posted by Tom on 2006-12-27

I’ve posted another demo – this one is a simple to-do list app (see the Demos section). The app took about 10 - 15 minutes to create, which includes figuring out the (minimal!) design.

This demo illustrates a little more of what you can do with the permission system. Each to-do list has a public? attribute. Public lists can be viewed by any visitor to the site, whereas private lists can only be viewed by the owner of the list. Here’s a couple of fragments from the TodoList model that show how we set this up:

class TodoList (fragments)

Clearly we want this view permission to carry over to the individual tasks in the list. First we define public? and owner methods on the Task model:

class Task (fragments)

    belongs_to :todo_list

    def owner
      todo_list and todo_list.user
    end

    def public?
      todo_list and todo_list.public?
    end

The owner of a task is the owner of the to-do list it belongs to, and a task is public if it belongs to a list and that list is public. Note that the implementation of these rules is no longer than the descriptions I’m giving in English. Now we can define view permission for the task:

class Task (fragment)

    def viewable_by?(viewer, field)
      viewer == owner or public?
    end

Run up the demo and have a look at the way these permissions affect the user interface, as seen by a guest user, a signed-in user, and the administrator (to create the administrator, just sign up as “admin”). Are there any holes? You might notice that the front page gets a little out of whack. This is because at the moment there’s no way to count the number of public to-do lists, or, say, fetch the first three public lists. That would have to be coded manually.
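One way to go looking for holes is to exercise the rules outside the app. The block below is an added example, not code from the demo: it restates the Task methods in plain Ruby and checks them for an owner, another user, a guest and a task with no list, then does the manual "first n visible lists" filter. The User class, the TodoList rule, `hardened_viewable?`, `visible_lists` and the choice to represent a guest as nil are all assumptions made for the example.

```ruby
# Plain-Ruby stand-ins for the models (assumption: no Rails or Hobo loaded).
class User; end

class TodoList
  attr_reader :user
  def initialize(user, is_public)
    @user, @is_public = user, is_public
  end
  def public?
    @is_public
  end
  # Assumed list rule, taken from the prose: the owner, or anyone if public.
  def viewable_by?(viewer, field = nil)
    viewer == user or public?
  end
end

class Task
  attr_reader :todo_list
  def initialize(todo_list)
    @todo_list = todo_list
  end
  def owner
    todo_list and todo_list.user
  end
  def public?
    todo_list and todo_list.public?
  end
  def viewable_by?(viewer, field = nil)
    viewer == owner or public?
  end
end

# Hypothetical stricter check: a missing viewer or a missing list never matches.
def hardened_viewable?(task, viewer)
  return false if task.todo_list.nil?
  (!viewer.nil? && viewer == task.owner) || task.public? == true
end

# Manual "first n lists this viewer may see", reusing the same predicate.
def visible_lists(lists, viewer, limit = nil)
  visible = lists.select { |list| list.viewable_by?(viewer) }
  limit ? visible.first(limit) : visible
end

# Constructed sample data. GUEST = nil is an assumption about guest handling.
ALICE, BOB, GUEST = User.new, User.new, nil
LISTS = [TodoList.new(ALICE, false), TodoList.new(ALICE, true)]
ORPHAN = Task.new(nil) # task whose list is missing
```

Under the nil-guest assumption, `ORPHAN.viewable_by?(GUEST)` is true because both sides of `viewer == owner` are nil, which is the case the stricter check rejects.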